Small Doses: Personal Data In NJ Now Includes Online Account Credentials

Edward Cyran
Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLP

Any practice (whether medical, dental or orthodontic) that provides patients with the opportunity to log-on to the practice’s website for scheduling, bill payment or other information should note that, as of July 1, 2019, the patient’s login credentials (i.e., username/email address in combination with a password or answer to a security question) will be considered “personal data” under New Jersey law.   The new amendment to the definition of “personal data” can be accessed here:  Amendment to NJ Personal Data Law

As with other “personal data” of residents in New Jersey (such as social security numbers, driver’s license numbers, or credit card numbers in combination with a security code), any business storing such information has an obligation to inform the affected person when unauthorized access to electronic files containing such information has occurred that would compromise the security, confidentiality or integrity of the information.  This obligation to inform also applies in instances where the business reasonably believes that unauthorized access of the information occurred (even if it cannot be confirmed).

In the event of an unauthorized disclosure (or “breach of security”), the business must notify the patient in “the most expedient possible and without unreasonable delay.”  [N.J.S.A. 56:8-163(12)(a)].

This new amendment to the law is a reminder that practices should consider the privacy and security of health information and personal information to be a critical component of practice administration.  Proper policies and procedures should be in place, staff should be properly trained, and the practice should address the security of its electronic systems and obtain meaningful cybersecurity insurance coverage.

With the rise of cybersecurity threats, it will continue to become more important for practices to properly, thoroughly and actively address the privacy and security of the health and personal data that they collect and store.  Seek out experienced legal counsel to guide you and your practice through this process, including, but not limited to, implementing adequate safeguards and plans to limit the unauthorized disclosure of personal information.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide